Virus / Malware

All the reasons why cybercriminals want to hack your phone
18 December 2018
When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malware: Many smartphone users assume they can stay safe from malware and other threats by installing antiviru …

Mobile Menace Monday: Is Fuchsia OS the end of Android?
17 December 2018
It’s no secret that every year Google announces a new Android version. This time though, recent Google documents state that the next major Android version will be Android Q and not Android 9.1 Pie. In parallel, Google is also developing an operating system called Fuchsia that’s supposedly going to replace Android in the near future. People were expecting to see a statement from Google about Fuchsi …

A week in security (December 10 – 16)
17 December 2018
Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news: Millions affected by Facebook photo API bug: An issue granted third-party apps more access to photos than should normally be granted, including images uploaded but not published. (source: Fa …

How threat actors are using SMB vulnerabilities
14 December 2018
Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. A patch was released by Microsoft for SMB vulnerabilities in March 2017, but many organizations and home u …

Compromising vital infrastructure: the power grid
13 December 2018
Where were you when the lights went out? That line became famous after the 1977 blackout in New York City. This power outage was caused by lightning and lasted for up to two days, depending on which part of New York you lived in. While in this case the power grid failure was a freak incident due to faulty backup equipment, it is still famous for the havoc it wreaked throughout the city—including l …

Data scraping treasure trove found in the wild
11 December 2018
We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. What is data scraping? The gathering of information from websites either by manual means, which isn’t time optimal, or by automated p …

Flurry of new Mac malware drops in December
11 December 2018
Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft’s John Lambert and analyzed by Objective-See’s Patrick Wardle, and the second was found by Malwarebytes’ Adam Thomas. A Word document with a malicious macro Lambert …

A week in security (December 3 – 9)
10 December 2018
Last week on Malwarebytes Labs, we gave readers an FYI on multiple breaches that affected Humble Bundle, Quora, and Dunkin’ Donuts, to name a few. This follows the announcement from Marriott about a four-year-long breach that impacted half a billion of its patrons. We also pushed out the report, “Under the Radar: The Future of Undetected Malware”, wherein we examined current thre …

Something else is phishy: How to detect phishing attempts on mobile
10 December 2018
In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns. Almost a decade later, we continue to see different organizations reporting an increased trend in phishing attacks targeting the mobile ma …

Mac malware combines EmPyre backdoor and XMRig miner
7 December 2018
Earlier this week, we discovered a new piece of Mac malware that is combining two different open-source tools—the EmPyre backdoor and the XMRig cryptominer—for the purpose of evil. The malware was being distributed through an application named Adobe Zii. Adobe Zii is software that is designed to aid in the piracy of a variety of Adobe applications. In this case, however, the app was called Adobe Z …

New Flash Player zero-day used against Russian facility
5 December 2018
For the past couple of years, Office documents have largely replaced exploit kits as the primary malware delivery vector, giving threat actors the choice between social engineering lures and exploits or a combination of both. While today’s malicious spam (malspam) heavily relies on macros and popular vulnerabilities (i.e. CVE-2017-11882), attackers can also resort to zero-days when trying to …

Breaches, breaches everywhere, it must be the season
5 December 2018
After last week's shocker from Marriott, this week started off with disclosures about breaches at Quora, Dunkin’ Donuts, and 1-800-Flowers. Quora: Quora is an online community that focuses on asking and answering questions. It was founded in 2009 by two former Facebook employees. The stolen data may concern up to 100 million users of the platform and included the username, the email address, and the …

New ‘Under the Radar’ report examines modern threats and future technologies
5 December 2018
As if you haven’t heard it enough from us, the threat landscape is changing. It’s always changing, and usually not for the better. The new malware we see being developed and deployed in the wild have features and techniques that allow them to go beyond what they were originally able to do, either for the purpose of additional infection or evasion of detection. To that end, we decided t …

Humble Bundle alerts customers to subscription reveal bug
4 December 2018
You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person exploited …

A week in security (November 26 – December 2)
3 December 2018
Last week on Malwarebytes Labs, we took a look at our cybersecurity predictions for 2019, we explained why Malwarebytes participated in AV testing and how we took part in a joint takedown of massive ad fraud botnets, warned that ESTA registration websites still lurk in paid ads on Google, discussed what 25 years of webcams have brought us, and reported about the Marriott breach that impacted 500 …

Marriott breach impacts 500 million customers: here’s what to do about it
30 November 2018
Today Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years. While details of the breach are still sparse, Marriott stated that there was unauthorized access to a database tied to customer reservations stretching from 2014 to September 10, 2018. For a majority of impacted customers (approximately 32 …

The 25th anniversary of the webcam: What did it bring us?
30 November 2018
How did the webcam progress from a simple convenience to a worldwide security concern in 25 years? November 2018 can be marked as the 25th anniversary of the webcam. This is a bit of an arbitrary choice, but if we consider a webcam that was installed at the University of Cambridge to keep an eye on the coffee level in the shared coffeemaker as the first one, then it’s been 25 years already. And th …

ESTA registration websites still lurk in paid ads on Google
28 November 2018
Google has taken direct action against adverts promoting ESTA registration services, often offered by third parties at highly inflated prices. Ads displayed on the Google network shouldn’t display fees higher than what a public source or government charges for products or services. This tightening of the ad leash has taken a remarkable eight years to complete—and we argue it’s not done yet. …

Malwarebytes helps take down massive ad fraud botnets
28 November 2018
On November 27, the US Department of Justice announced the indictment of eight individuals involved in a major ad fraud case that cost digital advertisers millions of dollars. The operation, dubbed 3ve, was the combination of the Boaxxe and Kovter botnets, which the FBI—in collaboration with researchers in the private sector, including one of our own at Malwarebytes—was able to dismantle. The US C …

Why Malwarebytes decided to participate in AV testing
27 November 2018
Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show Malwarebytes protecting against more than 97 percent of web vector threats and detecting and removing 99.5 p …

Cybersecurity Trends 2019: Privacy and intrusion in the global village
18 December 2018
With just days left in 2018, ESET experts offer their reflections in ‘Cybersecurity Trends 2019’ on themes that are set to figure prominently in the upcoming year. The post Cybersecurity Trends 2019: Privacy and intrusion in the global village appeared first on WeLiveSecurity …

How to protect yourself as the threat of scam apps grows
14 December 2018
As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? The post How to protect yourself as the threat of scam apps grows appeared first on WeLiveSecurity …

Week in security with Tony Anscombe
14 December 2018
Android Trojan steals money from PayPal accounts, the next generation of Dark Markets, and the Google+ to shut down earlier after new bug. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

Malaysian government targeted with mash-up espionage toolkit
14 December 2018
An interview with ESET researchers Tomáš Gardoň and Filip Kafka on their research of a malware toolkit used in espionage against the Malaysian government. The post Malaysian government targeted with mash-up espionage toolkit appeared first on WeLiveSecurity …

Android Trojan steals money from PayPal accounts even with 2FA on
11 December 2018
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication. The post Android Trojan steals money from PayPal accounts even with 2FA on appeared first on WeLiveSecurity …

Week in security with Tony Anscombe
7 December 2018
DanaBot operators have been expanding the malware’s scope with new spam-sending capability. ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. Plus fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

The Dark Side of the ForSSHe
5 December 2018
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats. The post The Dark Side of the ForSSHe appeared first on WeLiveSecurity …

Cyberattacks on financial sector worries Americans most
30 November 2018
A recent survey carried out by ESET has revealed that Americans are worried most about cyberattacks on the financial sector, listing it above attacks against hospitals, voting systems, or energy supply companies. The post Cyberattacks on financial sector worries Americans most appeared first on WeLiveSecurity …

Week in security with Tony Anscombe
30 November 2018
International law enforcement swoops on fake ad viewing outfit. Cyber Monday spam from Emotet. German chat site fined after GDPR data breach. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity …

US indicts two over SamSam ransomware attacks
29 November 2018
The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada. The post US indicts two over SamSam ransomware attacks appeared first on WeLiveSecurity …

German chat site faces fine under GDPR after data breach
27 November 2018
The country’s first fine under GDPR is lower than might have been expected, however, as the company was acknowledged for its post-incident cooperation and enhanced security measures. The post German chat site faces fine under GDPR after data breach appeared first on WeLiveSecurity …